From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760772AbbKTQz7 (ORCPT ); Fri, 20 Nov 2015 11:55:59 -0500 Received: from mga02.intel.com ([134.134.136.20]:38970 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1759522AbbKTQz6 (ORCPT ); Fri, 20 Nov 2015 11:55:58 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,323,1444719600"; d="scan'208";a="825360533" Message-ID: <1448038537.31665.176.camel@linux.intel.com> Subject: Re: [PATCH v1 5/7] test_hexdump: check all bytes in real buffer From: Andy Shevchenko To: Rasmus Villemoes Cc: Andrew Morton , linux-kernel@vger.kernel.org Date: Fri, 20 Nov 2015 18:55:37 +0200 In-Reply-To: <87lh9us3h4.fsf@rasmusvillemoes.dk> References: <1447259718-19647-1-git-send-email-andriy.shevchenko@linux.intel.com> <1447259718-19647-6-git-send-email-andriy.shevchenko@linux.intel.com> <87lh9us3h4.fsf@rasmusvillemoes.dk> Organization: Intel Finland Oy Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.18.1-1 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2015-11-19 at 11:11 +0100, Rasmus Villemoes wrote: > On Wed, Nov 11 2015, Andy Shevchenko om> wrote: > > > After processing by hex_dump_to_buffer() check all the parts to be > > expected. > > > > Part 1. The actual expected hex dump with or without ASCII part. > > This is provided by plain strcmp() call including check for the > > terminating NUL. > > > > Part 2. Check if the buffer is dirty beyond needed. > > We fill the buffer by ' ' (space) characters, so, we expect to > > have the > > tail of buffer will be left untouched. Check all bytes in the > > tail of > > the buffer. > > First of all, ' ' is one of the characters which hexdump is certainly > supposed > to spit out, so I think it's better to use some other character for > prefilling. Otherwise we wouldn't be able to detect a stray write of > a > space which wasn't properly guarded by a size check. I'd suggest > '\xff' or any other non-ascii Okay, I may change the ' ' to something, but somehow printable. See also below. > character (and make it a #define so that > it's less magic). > > > > Part 3. Return code should be as expected. > > > > Signed-off-by: Andy Shevchenko > > --- > >  lib/test_hexdump.c | 32 ++++++++++++++++---------------- > >  1 file changed, 16 insertions(+), 16 deletions(-) > > > > diff --git a/lib/test_hexdump.c b/lib/test_hexdump.c > > index a3e3b01..9b95b67 100644 > > --- a/lib/test_hexdump.c > > +++ b/lib/test_hexdump.c > > @@ -128,10 +128,9 @@ static void __init test_hexdump_set(int > > rowsize, bool ascii) > >   > >  static void __init test_hexdump_overflow(size_t buflen, bool > > ascii) > >  { > > + char test[TEST_HEXDUMP_BUF_SIZE]; > >   char buf[TEST_HEXDUMP_BUF_SIZE]; > > - const char *t = test_data_1_le[0]; > >   size_t len = 1; > > - size_t l = buflen; > >   int rs = 16, gs = 1; > >   int ae, he, e, r; > >   bool a; > > @@ -147,26 +146,27 @@ static void __init > > test_hexdump_overflow(size_t buflen, bool ascii) > >   e = ae; > >   else > >   e = he; > > - buf[e + 2] = '\0'; > >   > >   if (!buflen) { > > - a = r == e && buf[0] == ' '; > > - } else if (l < 3) { > > - a = r == e && buf[0] == '\0'; > > - } else if (l < 4) { > > - a = r == e && !strcmp(buf, t); > > - } else if (ascii) { > > - if (l < 51) > > - a = r == e && buf[l - 1] == '\0' && buf[l > > - 2] == ' '; > > - else > > - a = r == e && buf[50] == '\0' && buf[49] > > == '.'; > > + memset(test, ' ', sizeof(test)); > > + test[sizeof(buf) - 1] = '\0'; > > + > > + a = r == e && !memchr_inv(buf, ' ', sizeof(buf)); > > test and buf happen to have the same size, but > "test[sizeof(buf) - 1] = '\0'" is rather odd. But you don't even seem > to use test in this branch? Here I feel the test buffer just to print below if any error happens when buflen == 0. That's why I would like to have a somehow printable character. > > >   } else { > > - a = r == e && buf[e] == '\0'; > > + int f = min_t(int, e + 1, buflen); > > + > > + test_hexdump_prepare_test(len, rs, gs, test, > > sizeof(test), ascii); > > + test[f - 1] = '\0'; > > + > > + a = r == e && !memchr_inv(buf + f, ' ', > > sizeof(buf) - f) && !strcmp(buf, test); > >   } > > There's also a bit of duplication in the !buflen and buflen > branches. Why not pull the computation of f (the number of expected > bytes written) outside and do See above. buflen == 0 is a special case where buffer shouldn't be touched at all. > >   f = min_t(int, e + 1, buflen); >   a = r == e && !memchr_inv(buf + f, ' ', sizeof(buf) - f); >   if (buflen) { >     test_hexdump_prepare_test(len, rs, gs, test, sizeof(test), > ascii); >     test[f - 1] = '\0'; >     a = a && !memcmp(buf, test, f); >   } > > (I think it's better to use memcmp for "untrusted" buffers - if > hexdump didn't make buf into a proper C string, it's a little fragile > passing it to strcmp). This makes it obvious that the entire contents > of buf is being tested. Can do that. > > Rasmus -- Andy Shevchenko Intel Finland Oy